Coffeehouse Thread

27 posts


Sysinternals Tools (Process Explorer, etc) -> Do you have questions for Russinovich?

  • Charles

    I was talking with Mark the other day and one of his blog readers suggested that I head over to his office some time to dig into Process Explorer. What we think makes sense is a conversation including tips and tricks to get the most out of some of his incredibly useful tools and also opening the hood a bit to find out how they work and what development strategies he employed when writing them.

     

    Is this something you'd like to see and if so what would you want Mark to focus on (his time is limited so, focus is key...)? What do you want to know? Do you think this would make for an interesting C9 interview/session?

     

    Thanks in advance for your input,

    C

  • SteveRichter

    I would like to know if the source code can be released for the Sysinternals tools.

  • magicalclick

    Actually I mainly want a desktop gadget showing me which annoying process is eating my HDD. All the HDD meters I have seen are just usage, IO/sec, or disk activity meters. I already know my disk is busy by hearing it clicking like crazy. But I want to know which process is actually the cause. It is important as a desktop gadget because by the time I launch Resource Monitor, it is already too late. Also it is still hard to know who is the cause from Resource Monitor.

    Like the process ID will keep re-sorting based on usage. But I want to know in general as a 5 second window sliding every second, instead of a 1 second window sliding every second.

    NOT ONLY that, but the cause should be identified by the program and put in a permanent result list for at least 5 minutes of results. The reason is, I don't want to see the evil process for a second and disappear. I need time to see it, copy it down somewhere, and figure out what the process is.

    Basically a "smart" version of an HDD activity "reporter/alert", for a very very "dumb" user.

     

    thanks.

     

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
  • ManipUni

    When will Task Manager gain even the most basic features from Process Explorer (e.g. tree view, rundll's dll,  what each svchost hosts, etc)?

    Also the above question about IO activity is great. Process Explorer does support this but frankly it doesn't make it easy to find "spikes." I have looked into the Windows Performance Monitor but have struggled to get it to do anything useful (except track overall IO).  

    In general I find locating spikes of usage very difficult on Windows. This applies across all finite resources. I mean I can see the spikes but the source is often obscure.

     

  • SteveRichter

    Is it possible to freeze everything that is running on the system, except for a control facility? Then save the state of all the processes.  Or start to examine each halted process to see what they are up to?

     

     

  • ManipUni

    Is it possible to freeze everything that is running on the system, except for a control facility? Then save the state of all the processes.  Or start to examine each halted process to see what they are up to?

    While I understand what you're getting at and why, that would cause Windows to bluescreen.

  • JoshRoss

    @ManipUni: How about you get the ability to freeze all unsigned executables?

  • ScanIAm

    I third the question about how to find out what is causing the HDD to go crazy.  I'm sure it's possible using either process explorer or procmon, but the signal to noise on procmon makes it pretty useless when your system is super slow for some other reason.

    It would also be nice to see if it's possible to monitor network traffic the same way.  I don't care about the content, but I want to see what process has decided to hang up (I'm looking at you, Outlook).

  • Charles

    We will aim for this to be filmed in a few months from now. I will bump this thread as we get closer to ensure as many of these questions get asked as possible. Mark is busy cranking code. So glad he's working on the Windows Azure kernel :) Good news indeed. Keep the questions/feedback coming.

     

    C

  • ManipUni

    @ManipUni: How about you get the ability to freeze all unsigned executables?
     

    That would work - except Microsoft don't sign all of their own executables. But it won't likely BSoD on Windows Vista/2008/7.

  • vesuvius

    What does process explorer have for the managed developer? I think the odd internet search shows developers that they need to be aware of private bytes, but is there anything more that process explorer has?

     

    I am working on a WPF application, where we are firefighting significant memory leaks, partly through strong references that are never released, and partly through people not understanding WPF fully, so is there anything at all I can take to my team to ensure they can reduce the surface area for leaking memory by using process explorer?

  • JoshRoss

    @ManipUni: I noticed that! Why wouldn't they sign things like the Machine Debug Manager?

  • felix9

    @vesuvius: ProcExp has a .NET Performance tab in the process properties, which shows many .NET performance objects like memory details, and I think VMMap could help here too.

  • virtualfat

    I'd like to see a dummies guide to Process Explorer and I'd like to see it further integrated with Hyper-V hosts to give a realtime configurable multi-machine view.

  • androidi

    I used to love and use Process Monitor a lot prior to v2. In v2 it started to feel "Vista"* and it's not a first resort tool any more.

    Can you make Process Monitor lightning quick again? This means starting up instantly and not showing a lot of unrelated activity after startup. Also Ctrl+E to stop and restart tracing should be instant and I should be able to press Ctrl+E rapidly without problems to stop and restart tracing.

    *There's that exception to Vista that I made another thread about, where Vista is a lot faster than 7 in actual application data load usage when an app loads a lot of large data files. My wish is that in 7 and future OSes SuperFetch can be changed to act like in Vista OR like in 7 or something in between.

  • WorkingHardInIt

    I would love to see the Sysinternals suite integrated with Windows and updated via Windows update. Any plans for this?

  • davewill

    Windows 7 is busy at various times with hard drive activity.  While the activity may be legit, it FREAKS out users who view machine activity, when they aren't doing anything, as a sign of a virus.  It causes emotional distress.  Is there a Sysinternals tools way to analyze and set their minds at ease?

    I haven't had a need yet but it is coming. Will the Sysinternals tools handle IPv6?

     

    Will some of the older tools be updated for Windows 7 and future versions?

     

    Would it be possible for Process Explorer, Procmon, Autoruns to have an option to filter out binaries or processes that are known to be safe (known by way of some previously established crc, hash, webservice check, etc) so we can focus on the trouble?

  • JoshRoss

    @davewill: I like this filter idea. It would also have to scan the DLLs loaded by the processes to ensure that something like Explorer, a known and trusted executable, isn't running some virus DLL.
